CIH due to strike Saturday, massive infection unlikely

Summary:It's that time -- the potentially deadly CIH virus is set to strike again. The Windows 95 and 98 computer virus known variously as WIN95.

It's that time -- the potentially deadly CIH virus is set to strike again.

The Windows 95 and 98 computer virus known variously as WIN95.CIH and PE_CIHV1.4 will activate on Saturday, reformatting infected hard drives and -- on susceptible computers -- destroying the system's core command set.

In the four months since the virus has been discovered, several Internet gaming sites and other companies have been hit by the nasty bug. And the virus may not be done yet.

Still kicking
"This virus still has some life in it," said Igor Grebert, senior researcher with anti-virus software maker Trend Micro Inc. "The software updates are out there, but companies are not using them or don't have full coverage for their systems."



Are you concerned about the CIH virus? Add your comments to the bottom of this page.




The CIH virus was first discovered in June, when a variant of the malicious program activated on the 26th of the month. While a computer can be infected with the virus whenever it opens an infected program, it is only destructive when it triggers. The current variant triggers on the 26th of every month. For September, that's Saturday.

The fact that the trigger date is not a week day may give many companies a bit more time to protect themselves, said Grebert -- if computers aren't on Saturday, the virus will remain quiet. "It's a Saturday [not a weekday], so many computers will be safe," he said. While not very common, the virus is destructive.

On the 26th of each month, the virus will trigger, erasing the first one megabyte of the computer's hard drive. This essentially reformats the hard drive, since information on where files are located is usually stored in this area.

Ounce of prevention
After that, the virus tries to erase the computer's core command set, or BIOS. Only a few motherboards are actually susceptible to this attack, according to a description of the virus created by the Symantec Anti-virus Research Center, so most users need only worry about lost data.

An ounce of prevention is by far the best course. However, having an anti-virus program installed on a computer is not enough. Users should have updated their software's signature file, the dictionary of known viruses, after July 1st to truly be safe.

Topics: Malware, Security, Symantec

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.